We use cookies to collect anonymous data to help us improve your site browsing experience.

Click 'Accept all cookies' to agree to all cookies that collect anonymous data. To only allow the cookies that make the site work, click 'Use essential cookies only.' Visit 'Set cookie preferences' to control specific cookies.

Set cookie preferences

Your cookie preferences have been saved. You can change your cookie settings at any time.

Publication - Advice and guidance

Scottish Cyber Coordination Centre - vulnerability coordination: policy and procedure

Published
3 January 2025
From
Director of Digital
Directorate
Digital Directorate
Topic
Public safety and emergencies, Public sector
ISBN
9781836911869

Outlines the policy and procedure for Scottish Cyber Coordination Centre (SC3) to alert and, where appropriate, coordinate responses from the Scottish public sector organisations, to cyber-attacks that exploit a previously unknown vulnerability.

View supporting documents Supporting documents

Alerting Process

6.1 SC3 will disseminate, via a weekly vulnerability report, information on all critical vulnerabilities and those that have a the greatest probability of exploitation (by using the Exploit Prediction Scoring System) that have been published in the previous week.

6.2 SC3 will seek to alert the Scottish public sector via the Scottish Public Sector group within the Cybersecurity Information Sharing Partnership platform (CISP) and via the Scottish Public Sector Cyber Resilience Early Warning (CREW) Notification email group.

6.3 The reports may also be sent to the SC3 Core Partners SPOCs who may be satisfied with the dissemination or wish to add context and forward to their communities.

6.4 Where appropriate SC3 will also make use of the wider alerting available through the CyberScotland Partnership Portal where a subscription email service to SC3 ‘TLP Clear’ reports are available.

Contact

Email: SC3@gov.scot

Back to top